Posts created by: Robert Falcone


Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

  • By Robert Falcone
  • September 19, 2023 at 6:00 AM

10 min. read


Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)

  • By Robert Falcone and Josh Grunzweig
  • March 30, 2023 at 12:50 PM

8 min. read


Threat Brief: OWASSRF Vulnerability Exploitation

  • By Robert Falcone and Lior Rochberger
  • December 22, 2022 at 5:30 PM

9 min. read


CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

  • By Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng and Robert Falcone
  • March 31, 2022 at 4:30 PM

12 min. read


Threat Brief: Ongoing Russia and Ukraine Cyber Activity

  • By Robert Falcone, Mike Harbison and Josh Grunzweig
  • January 20, 2022 at 12:30 PM

8 min. read


Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

  • By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
  • December 10, 2021 at 1:00 PM

15 min. read


APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

  • By Robert Falcone and Peter Renals
  • December 2, 2021 at 6:00 AM

10 min. read


Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

  • By Robert Falcone, Jeff White and Peter Renals
  • November 7, 2021 at 6:00 PM

18 min. read


Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

  • By Robert Falcone, Alex Hinchliffe and Quinn Cooke
  • July 15, 2021 at 3:00 AM

23 min. read


New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

  • By Robert Falcone and Simon Conant
  • April 29, 2021 at 12:01 AM

9 min. read


Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

  • By Robert Falcone
  • April 15, 2021 at 6:00 AM

8 min. read


xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

  • By Robert Falcone
  • January 11, 2021 at 12:01 AM

25 min. read


Threat Assessment: Egregor Ransomware

  • By Doel Santos, Brittany Barbehenn and Robert Falcone
  • December 8, 2020 at 6:00 PM

5 min. read


xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

  • By Robert Falcone
  • November 9, 2020 at 12:00 AM

12 min. read


Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

  • By Robert Falcone
  • September 4, 2020 at 6:00 AM

13 min. read

© 2023 Palo Alto Networks, Inc. All rights reserved.